{"id":13844106,"url":"https://github.com/binganao/vulns-2022","last_synced_at":"2026-02-17T15:02:35.976Z","repository":{"id":37721736,"uuid":"448144487","full_name":"binganao/vulns-2022","owner":"binganao","description":"本项目用于搜集 2022 年的漏洞，注意：本项目并不刻意搜集 POC 或 EXP，主要以CVE-2021、CVE-2022 为关键词，包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用","archived":false,"fork":false,"pushed_at":"2022-04-17T04:01:19.000Z","size":118,"stargazers_count":382,"open_issues_count":0,"forks_count":53,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-01-30T12:42:17.027Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/binganao.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-15T00:31:06.000Z","updated_at":"2025-09-29T02:32:30.000Z","dependencies_parsed_at":"2022-09-23T02:50:42.456Z","dependency_job_id":null,"html_url":"https://github.com/binganao/vulns-2022","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/binganao/vulns-2022","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binganao%2Fvulns-2022","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binganao%2Fvulns-2022/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binganao%2Fvulns-2022/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binganao%2Fvulns-2022/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/binganao","download_url":"https://codeload.github.com/binganao/vulns-2022/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binganao%2Fvulns-2022/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29548201,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T14:33:00.708Z","status":"ssl_error","status_checked_at":"2026-02-17T14:32:58.657Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:34.924Z","updated_at":"2026-02-17T15:02:35.960Z","avatar_url":"https://github.com/binganao.png","language":null,"funding_links":[],"categories":["漏洞库、漏洞靶场","Others"],"sub_categories":["网络服务_其他"],"readme":"# 搜集 2022 年的漏洞\n\n本项目用于搜集 2022 年的漏洞，**注意:** 本项目并不刻意搜集 POC 或 EXP，包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用\n\n目前纯手工搜集，后期可能会加入机器人，漏洞按照更新时间逆序排序\n\n## 命令执行\n\n[Gitlab Enterprise Edition (13.9.5) CVE-2021-22205](https://github.com/ahmad4fifz/CVE-2021-22205)\n\n[A Zero-Click RCE exploit for CVE-2021-0326 on the Peloton Bike](https://github.com/aemmitt-ns/skeleton)\n\n[CVE-2022-24086 about Magento RCE](https://github.com/Mr-xn/CVE-2022-24086)\n\n[Apache APISIX 2.12.1、Apache APISIX 2.10.4 POC(CVE-2022-24112)](https://github.com/shakeman8/CVE-2022-24112)\n\n[向日葵远程控制软件 RCE](https://github.com/TRYblog/sunlogin_rce_)\n\n[Remote Code Execution in TP-Link Tapo c200 IP camera](https://github.com/hacefresko/CVE-2021-4045-PoC)\n\n[Cisco Anyconnect VPN unauth RCE(CVE-2022-20699)](https://github.com/Audiobahn/CVE-2022-20699)\n\n[RCE via Email-Templates (Authenticated only) in SuiteCRM \u003c= 8.0.1(CVE-2021-45897)](https://github.com/manuelz120/CVE-2021-45897)\n\n[CVE-2021-22204 Rxiftool RCE](https://github.com/0xBruno/CVE-2021-22204)\n\n[HongJingEHR多个漏洞(Axis Adminservice远程代码执行漏洞、HongJingEHR未授权反序列化漏洞)](https://www.seebug.org/vuldb/ssvid-99429)\n\n[NUUO NVRmini2 未授权RCE漏洞](https://www.seebug.org/vuldb/ssvid-99452)\n\n[Uniview 未授权RCE漏洞 (CVE-2021-45039)](https://www.seebug.org/vuldb/ssvid-99451)\n\n[SONICWALL SMA100 Apache httpd 未授权RCE (CVE-2021-20038)](https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis)\n\n[TerraMaster TOS session 伪造、任意⽂件读取、远程命令执⾏等多个漏洞](https://packetstormsecurity.com/files/165399/terramaster-exec.py.txt)\n\n[H2 数据库控制台未授权 RCE (CVE-2021-42392)](https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/?utm_campaign=Log4j\u0026utm_content=004atglxq0kpxz6\u0026utm_medium=social\u0026utm_source=twitter)\n\n[Atlassian Jira Server and Data Center 授权RCE漏洞 (CVE-2021-43947)](https://mp.weixin.qq.com/s/XDX5eq3UE51_yLo0Q4wZ0g)\n\n[CVE-2021-41773 Apache HTTP Server 2.4.49 RCE](https://github.com/m96dg/CVE-2021-41773-exercise)\n\n## 权限提升\n\n[Linux CVE-2022-0847-DirtyPipe-Exploit](https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit)\n\n[Windows CVE-2021-24084 Windows Local Privilege Escalation](https://github.com/exploitblizzard/WindowsMDM-LPE-0Day)\n\n[Windows Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)](https://github.com/ly4k/SpoolFool)\n\n[Linux polkit的pkexec 本地权限升级漏洞 EXP NO GCC(CVE-2021-4034)](https://github.com/EstamelGG/CVE-2021-4034-NoGCC)\n\n[Linux PolKit (polkitd) 0.133 本地提权(CVE-2021-3560)](https://github.com/chenaotian/CVE-2021-3560)\n\n[Windows Exploit for CVE-2022–22718 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)](https://github.com/ly4k/SpoolFool)\n\n[Windows CVE-2021-1675 is a vulnerability in the Print Spooler Service of Microsoft Windows](https://github.com/AndrewTrube/CVE-2021-1675)\n\n[Windows POC CVE-2022-21882](https://github.com/sailay1996/cve-2022-21882-poc)\n\n[Windows win32k LPE bypass CVE-2022-21882](https://github.com/KaLendsi/CVE-2022-21882)\n\n[Linux polkit的pkexec 本地权限升级漏洞 EXP(CVE-2021-4034)](https://github.com/arthepsy/CVE-2021-4034)\n\n## 拒绝服务\n\n[A-potential-Denial-of-Service-issue-in-protobuf-java](https://github.com/Mario-Kart-Felix/A-potential-Denial-of-Service-issue-in-protobuf-java)\n\n## 代码执行\n\n[Hotel Druid v3.0.3 Code Injection vulnerability (CVE-2022-22909)](https://github.com/0z09e/CVE-2022-22909)\n\n[Remote Code Execution on Confluence Servers(CVE-2021-26084)](https://github.com/0xf4n9x/CVE-2021-26084)\n\n[a-tag with the HTML injection vulnerability in CSV+ \u003c=0.8.0(CVE-2022-21241)](https://github.com/satoki/csv-plus_vulnerability)\n\n[POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞](https://github.com/antx-code/CVE-2022-21907)\n\n[GoAhead 远程代码执⾏漏洞 (CVE-2021-42342)](https://mp.weixin.qq.com/s/AS9DHeHtgqrgjTb2gzLJZg)\n\n## SQL注入\n\n[Casdoor SQL Injection (CVE-2022-24124)](https://github.com/ColdFusionX/CVE-2022-24124)\n\n[Prestashop \u003e= 1.7.5.0 \u003c 1.7.8.2 - SQL injection(CVE-2021-43789)](https://github.com/numanturle/CVE-2021-43789)\n\n[Moodle 3.11-3.11.4 SQL注入 POC(CVE-2022-0332)](https://github.com/numanturle/CVE-2022-0332)\n\n[PhpIPAM v1.4.4 授权 SQL 注入(CVE-2022-23046)](https://github.com/jcarabantes/CVE-2022-23046)\n\n[CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection POC](https://github.com/sagittarius-a/cve-2022-21658)\n\n[CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection](https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection)\n\n[wordpress SQL注入漏洞 (CVE-2022–21661)](https://www.seebug.org/vuldb/ssvid-99431)\n\n## 越权漏洞\n\n[ZABBIX-监控系统 Unsafe Session Storage(CVE-2022-23131)](https://github.com/0tt7/CVE-2022-23131)\n\n[ZABBIX-监控系统-Saml-bypass-poc(CVE-2022-23131)](https://github.com/1mxml/CVE-2022-23131)\n\n[CVE-2022-22828 Synametrics - SynaMan version 4.9 存在越权漏洞](https://github.com/videnlabs/CVE-2022-22828)\n\n[Hospital's Patient Records Management System 1.0(CVE-2022-22296)](https://github.com/vlakhani28/CVE-2022-22296)\n\n[Gin-Vue-admin垂直越权漏洞与代码分析 (CVE-2022-21660)](https://github.com/UzJu/Gin-Vue-admin-poc-CVE-2022-21660)\n\n## 信息泄露\n\n[WebLogic 信息泄露漏洞(CVE-2022-21252)](https://www.oracle.com/security-alerts/cpujan2022.html#AppendixFMW)\n\n[Import Export WordPress plugin(CVE-2022-0236)](https://github.com/qurbat/CVE-2022-0236)\n\n## 容器逃逸\n\n[Sample Ubuntu LPEs and container escapes CVE-2022-0185 分析](https://github.com/chenaotian/CVE-2022-0185)\n\n[Sample Ubuntu LPEs and container escapes coming soon(CVE-2022-0185)](https://github.com/Crusaders-of-Rust/CVE-2022-0185)\n\n## 外部实体\n\n[Andrid XML外部实体引用inskylot/jadx的不当限制(CVE-2022-0219)](https://github.com/Haxatron/CVE-2022-0219)\n\n## XSS\n\n[Stored XSS Vulnerability on RosarioSIS 8.2.1(CVE-2021-45416)](https://github.com/dnr6419/CVE-2021-45416)\n\n[SAS Logon 9.4 allows warning-message injection(CVE-2022-25257)](https://github.com/polling-repo-continua/CVE-2022-25257)\n\n[Reflected XSS in TastyIgniter v3.2.2 Restaurtant CMS(CVE-2022-23378)](https://github.com/TheGetch/CVE-2022-23378)\n\n[Stored Cross Site Scripting Sourcecodester Online Car Rental System 1.0(CVE-2021-46005)](https://github.com/nawed20002/CVE-2021-46005)\n\n[Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1(CVE-2021-45416)](https://github.com/86x/CVE-2021-45416)\n\n[D-Link Router DSL-2730E - Stored Cross Site Scripting (XSS)(CVE-2021-46108)](https://github.com/g-rubert/CVE-2021-46108)\n\n[Ivanti Service Manager 2021.1 infected with reflected XSS(CVE-2021-38560)](https://github.com/os909/iVANTI-CVE-2021-38560)\n\n[RosarioSIS 8.2.1 反射式跨站点脚本(CVE-2021-45416)](https://github.com/86x/CVE-2021-45416)\n\n[HPRMS - 'room_list' Stored XSS(CVE-2022-22852)](https://github.com/Sant268/CVE-2022-22852/blob/main/CVE-2022-22852.md)\n\n[HPRMS - 'doctors' Stored XSS(CVE-2022-22851)](https://github.com/Sant268/CVE-2022-22851/blob/main/CVE-2022-22851.md)\n\n[HPRMS - 'room_types' Stored XSS(CVE-2022-22850)](https://github.com/Sant268/CVE-2022-22850/blob/main/CVE-2022-22850.md)\n\n## 文件上传\n\n[Spring4Shell-POC (CVE-2022-22965)](https://github.com/BobTheShoplifter/Spring4Shell-POC)\n\n[WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5(CVE-2021-24145)](https://github.com/dnr6419/CVE-2021-24145)\n\n## 文件包含\n\n[Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 本地文件包含(CVE-2022-21371)](https://github.com/Mr-xn/CVE-2022-21371)\n\n## SSRF\n\n[Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)](https://github.com/thau0x01/poc_proxylogon)\n\n## SSTI\n\n[VMware CVE-2022-22954 Workspace ONE Access Freemarker Server-side Template Injection](https://github.com/sherlocksecurity/VMware-CVE-2022-22954)\n\n## 其他\n\n[CVE-2021-45901 (ServiceNow - Username Enumeration)](https://github.com/9lyph/CVE-2021-45901)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinganao%2Fvulns-2022","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbinganao%2Fvulns-2022","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinganao%2Fvulns-2022/lists"}